Crypto Challenge

A Game for Codebreakers.

Few false ideas have more firmly gripped the minds of so many intelligent men than the one that, if they just tried, they could invent a cipher that no one could break.

The objective of this challenge is to make your way through our eight crypto challenges. These levels cover a wide range of topics, from steganography to cryptographic attacks.

We've set up a web service to generate levels. After obtaining an auth token from /api-token-auth/, you'll be allowed to request levels. Each time you send a GET request to '/challenge/', the backend generates a completely new challenge (with a new password). Once you've generated the challenge, you can submit password guesses by POST-ing to /challenge/<level>/. A correct guess will return a hash which can be sent to You must complete the levels in order, but you may submit your hash at any time.

When you complete the crypto challenge, send your resume along with all hash values you collected and any code used in the challenges to: Please remember to document your solutions and provide code where applicable.

The challenge API is documented below and all requests are sent to<action>

NOTE: In each subsequent request, you'll need to provide a special authentication header: Authorization: JWT <token>

Method Action Details
POST /api-token-auth/

Authenticate to the service. You only need an email address to obtain a token. Note: in each subsequent request, you'll need to provide a special authentication header: Authorization: JWT <token>


{"email": ""}


{"token": "d2VsbCBhcmVuJ3QgeW91IGN1cmlvdXM/..."}

GET /challenge/<level>/

Retrieve a new challenge and hint for a certain level. You must play levels in order, i.e. you cannot do level 8 before the previous 7 levels.


{"level": 1, challenge": "", "hint": ""}

POST /challenge/<level>/

Attempt to solve a certain level. If you correctly solve the puzzle, you'll receive a hash. Note: This hash may be sent to at any time.





GET /hash/

At any point, you may request the hash corresponding to your current highest level.


{"level": 8, hash":"6f722061206d61727320726f766572"}

To help get you started, we've included basic code needed to retrieve and solve challenges.

The code may require you to install the Requests Python module before running. If you don't have this module installed already, follow the simple installation instructions before starting.



Crypto Hall of Fame

  1. David Schuetz
  2. Josh Eversmann
  3. Julian Dunning
  4. Tristian Howard
  5. Richard Penshorn

Will you be next? We'll be watching. But feel free to reach out via Twitter @PraetorianLabs.